Regarding prepared statements: look into what your driver does with them.
Some drivers just concatenate the strings (no protection at all); others do a sanitised concatenation; the best send it to the server to compile and then send the parameters to the server in separate calls (best).
Know what your driver does! Don't assume.
(Also, don't rely on this mechanism. CHECK YOUR INPUTS!)
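The three driver behaviours described in the comment above, modelled side by side as an added example (not code from the comment or from any real driver). The `users` table, the function names and the sample values are constructed, and SQLite's in-process parameter binding stands in for a server that compiles the statement and receives the parameters separately.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions for this example.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("O'Brien",)])
    return db

def concat_driver(db, name):
    """Strategy 1: plain string concatenation; the value becomes part of the SQL text."""
    return db.execute("SELECT id FROM users WHERE name = '" + name + "'").fetchall()

def escaping_driver(db, name):
    """Strategy 2: client-side 'sanitised' concatenation (quote doubling)."""
    quoted = "'" + name.replace("'", "''") + "'"
    return db.execute("SELECT id FROM users WHERE name = " + quoted).fetchall()

def binding_driver(db, name):
    """Strategy 3: statement compiled first, value bound separately by the engine."""
    return db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

def check_input(name, max_len=64):
    """Input check applied regardless of driver: type, length, allowed characters."""
    if not isinstance(name, str) or not 0 < len(name) <= max_len:
        return False
    return all(ch.isalpha() or ch in " '-" for ch in name)

def compare(name):
    """Run one value through all three strategies and report what each did."""
    db = make_db()
    strategies = (("concat", concat_driver), ("escape", escaping_driver),
                  ("bind", binding_driver))
    results = {}
    for label, fn in strategies:
        try:
            results[label] = fn(db, name)
        except sqlite3.Error as exc:
            # The value changed the structure of the statement instead of staying data.
            results[label] = "error: " + type(exc).__name__
    return results

if __name__ == "__main__":
    for value in ("alice", "O'Brien"):
        print(value, check_input(value), compare(value))
```

A legitimate name containing a quote passes the input check and still breaks the concatenating strategy, which is why validation and parameter binding are used together, not as substitutes for each other.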